WSGISocketPrefix run/wsgi
#WSGIRestrictStdout On
WSGIRestrictSignal Off
WSGIPythonOptimize 1
WSGIPassAuthorization On
WSGIDaemonProcess pagure user=git group=git maximum-requests=1000 display-name=pagure processes=6 threads=6 inactivity-timeout=300
WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-name=paguredocs processes=4 threads=4 inactivity-timeout=300

## Redirects http -> https

<VirtualHost *:80>
{% if env == 'pagure-staging' %}
  ServerName stg.pagure.io
  Redirect permanent / https://stg.pagure.io/
{% else %}
  ServerName pagure.io
  Redirect permanent / https://pagure.io/
{% endif %}
</VirtualHost>

<VirtualHost *:80>
{% if env == 'pagure-staging' %}
  ServerName docs.stg.pagure.org
  Redirect permanent / https://docs.stg.pagure.org/
{% else %}
  ServerName docs.pagure.org
  Redirect permanent / https://docs.pagure.org/
{% endif %}
</VirtualHost>

<VirtualHost *:80>
{% if env == 'pagure-staging' %}
  ServerName releases.stg.pagure.org
  #Redirect permanent / https://releases.stg.pagure.org/
{% else %}
  ServerName releases.pagure.org
  #Redirect permanent / https://releases.pagure.org/
{% endif %}

# Added until we can get the cert out
  DocumentRoot "/var/www/releases"

  <Directory />
    Options +Indexes
    IndexOptions NameWidth=*
  </Directory>

</VirtualHost>



## End of redirects http -> https


<VirtualHost *:443>
{% if env == 'pagure-staging' %}
  ServerName stg.pagure.io
{% else %}
  ServerName pagure.io
{% endif %}

  Alias "/robots.txt" "/var/www/html/robots.txt"

  WSGIScriptAlias / /var/www/pagure.wsgi

  ServerAdmin admin@fedoraproject.org

  SSLEngine on
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  SSLCertificateFile /etc/pki/tls/certs/pagure.io.cert
  SSLCertificateChainFile /etc/pki/tls/certs/pagure.io.intermediate.cert
  SSLCertificateKeyFile /etc/pki/tls/certs/pagure.io.key

  Alias /static /usr/lib/python2.7/site-packages/pagure/static/

  SetEnv GIT_PROJECT_ROOT /srv/git/repositories

  AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /srv/git/repositories/$1
  AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/repositories/$1
  ScriptAliasMatch \
    "(?x)^/(.*/(HEAD | \
    info/refs | \
    objects/info/[^/]+ | \
    git-(upload|receive)-pack))$" \
    /usr/libexec/git-core/git-http-backend/$1

  <Location />
   WSGIProcessGroup pagure
   <IfModule mod_authz_core.c>
      # Apache 2.4
      Require all granted
   </IfModule>
   <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order deny,allow
      Allow from all
   </IfModule>
  </Location>

  <Location /releases>
  Redirect "/releases" https://releases.pagure.org
  </Location>

</VirtualHost>


<VirtualHost *:443>
{% if env == 'pagure-staging' %}
  ServerName stg.pagure.org
{% else %}
  ServerName pagure.org
{% endif %}

  SSLEngine on
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt
  SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt
  SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key
{% if env == 'pagure-staging' %}
  Redirect permanent / https://stg.pagure.io/
{% else %}
  Redirect permanent / https://pagure.io/
{% endif %}
</VirtualHost>


<VirtualHost *:443>
{% if env == 'pagure-staging' %}
  ServerName docs.stg.pagure.org
{% else %}
  ServerName docs.pagure.org
{% endif %}

  WSGIScriptAlias / /var/www/docs_pagure.wsgi

  SSLEngine on
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  SSLCertificateFile /etc/pki/tls/certs/pagure.io.cert
  SSLCertificateChainFile /etc/pki/tls/certs/pagure.io.intermediate.cert
  SSLCertificateKeyFile /etc/pki/tls/certs/pagure.io.key

  Alias /static /usr/lib/python2.7/site-packages/pagure/static/

  <Location />
    WSGIProcessGroup paguredocs
    <IfModule mod_authz_core.c>
      # Apache 2.4
      Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order deny,allow
      Allow from all
    </IfModule>
   </Location>
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/var/www/releases"
{% if env == 'pagure-staging' %}
  ServerName releases.stg.pagure.org
{% else %}
  ServerName releases.pagure.org
{% endif %}

  AddType application/octet-stream msi

  <Directory />
    Options +Indexes
    IndexOptions NameWidth=*
  </Directory>

</VirtualHost>

